From fc95923fc3ae0a7a6c003bf35dd6af8552b4828b Mon Sep 17 00:00:00 2001
From: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
Date: Mon, 6 Oct 2025 15:57:47 -0700
Subject: [PATCH] Change sample server host from 0.0.0.0 to 127.0.0.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Don't bind the sample server to `0.0.0.0` by default as that exposes the server to anyone else on the local network.

If anyone were to use these samples as staring points to build larger services, those servers would thus expose developers to attack immediately upon launch.

I'd prefer if we avoided that 😆
---
 samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt b/samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt
index f48e5ab2..227c83d9 100644
--- a/samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt
+++ b/samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt
@@ -101,7 +101,7 @@ suspend fun runSseMcpServerWithPlainConfiguration(port: Int) {
 
     val server = configureServer()
 
-    embeddedServer(CIO, host = "0.0.0.0", port = port) {
+    embeddedServer(CIO, host = "127.0.0.1", port = port) {
         install(SSE)
         routing {
             sse("/sse") {
@@ -145,7 +145,7 @@ suspend fun runSseMcpServerUsingKtorPlugin(port: Int) {
     println("Starting sse server on port $port")
     println("Use inspector to connect to the http://localhost:$port/sse")
 
-    embeddedServer(CIO, host = "0.0.0.0", port = port) {
+    embeddedServer(CIO, host = "127.0.0.1", port = port) {
         mcp {
             return@mcp configureServer()
         }